1

Goal: Publish generic Docker image; Deploy image to multiple operating environments (k8s namespaces) with differing configurations.

I am using the KubernetesManifest@0 task to create and populate k8s secret in a k8s namespace. I have 100's of namespaces to represent different customer environments. I am using a bash script in a task before running KubernetesManifest@0 task to populate kubernetesServiceConnection:. Specifically, the bash script uses az devops cli to retrieve the correct, full service connection name for the k8s namespace where I want to deploy the k8s secret.

Problem: KubernetesManifest@0 task appears to require a value for kubernetesServiceConnection: at Pipeline YAML compile time. It appears that I cannot generate a value for kubernetesServiceConnection: during run time.

How can I automatically set kubernetesServiceConnection: at run time?

Error: There was a resource authorization issue: "The pipeline is not valid. Job Deploy_Dev: Step input kubernetesServiceConnection references service connection $(kubernetesServiceConnection) which could not be found. The service connection does not exist or has not been authorized for use.

My code:

  - deployment: Deploy_Dev
pool:
  vmImage: $(vmImageName)
dependsOn: Derive_Variable_Values
variables: 
  kubernetesServiceConnection: $[ dependencies.Derive_Variable_Values.outputs['deriveVariableValues.kubernetesServiceConnection'] ]
environment: $(devOpsEnvironment)
strategy:
  runOnce:
    deploy:
      steps:
      - checkout: self 
        displayName: Checkout $(Build.Repository.Name)
This bash script shows that kubernetesServiceConnection expands to the correct string for my specifc service connection name(s) 
      - task: Bash@3
        displayName: Echo kubernetesServiceConnection
        inputs:
          targetType: 'inline'
          script: |
            echo kubernetesServiceConnection is $(kubernetesServiceConnection)
The above echo provides a correct string for kubernetesServiceConnection 
      - task: KubernetesManifest@0
        displayName: Create k8s secret with Key Vault values
        inputs: 
          action: createSecret
          secretType: generic
          secretName: $(keyVaultSecretName)
          secretArguments: --from-literal=kvclientid=$(kvClientId) --from-literal=kvclientsecret=$(kvClientSecret) --from-literal=kvurl=$(kvUrl)
          kubernetesServiceConnection: $(kubernetesServiceConnection)
          namespace: $(k8sFullNamespace)
kubernetesServiceConnection: $(kubernetesServiceConnection) does not get a chance to resolve
BillQ
  • 71
  • 1
  • 7
  • 1
    [Pipeline Run Sequence](https://learn.microsoft.com/en-us/azure/devops/pipelines/process/runs?view=azure-devops) explains: _It also answers another common issue: why can't I use variables to resolve service connection / environment names? Resources are authorized before a stage can start running, so stage- and job-level variables aren't available. Pipeline-level variables can be used, but only those explicitly included in the pipeline. Variable groups are themselves a resource subject to authorization, so their data is likewise not available when checking resource authorization._ – BillQ May 26 '20 at 18:47
  • Does anybody have any ideas about how I can deploy to 100's of different k8s namespaces from a single Azure DevOps Pipeline? – BillQ May 26 '20 at 18:48
  • Where does the error occurs? In a initialize task or the KubernetesManifest task? – LoLance May 27 '20 at 10:46
  • 1
    Hi @LanceLi-MSFT This happens ever before. There is no logs for this buld (I checked it using REST API). Please check this [screenshot](https://imgur.com/a/hzpyUs9), – Krzysztof Madej May 27 '20 at 16:11
  • 1
    @BillQ 1.Actually you've found the answer of your original issue yourself, it's impossible to set kubernetesServiceConnection: at run time cause `Resources are authorized before a stage can start running, so stage- and job-level variables aren't available`. Feel free to add that as answer~ 2. And as I know one KubernetesManifest task can deploy only one namespace, so I'm afraid you have to add multiple KubernetesManifest tasks for your different namespaces. – LoLance May 28 '20 at 09:46

0 Answers0